Sign up to our newsletter
As talk goes on in Washington DC about a 2009 Stimulus payment, the phisher are still trying to exploit the 2008 stimulus program. One such attack claims to be the secure way to get your stimulus payment. There was only one secure way to do that, and it was by going through the IRS. There is no online form to get your stimulus payment.
One phishing attack comes from firstname.lastname@example.org. The IRS uses a .gov, not .com email address and does not send you email about obtaining a stimulus check. The phish even includes a logo that resides on the real IRS web site, but the web site the user was directed to, was not an IRS web site at all. It really doesn’t matter what the return email address is, or what the links are. All you need to know is that the IRS does not send you email concerning money owed or refunded. The IRS probably doesn’t send you email at all unless you contacted them.
Assume that any email you get from the IRS is a scam. Still not sure? Call the IRS or better yet, write them a letter. Protecting yourself from these scams is really that easy. Share this information with people you know because it looks like there may be a 2009 stimulus package and we will see a new barrage of these phishing attacks.
Director of Technical Education
Author ESET Research, ESET